On Mon, 16 Mar 1998, Jeff Hansen wrote:
> some buffer to gain a root shell. This exploit is either in inetd or
> identd (I am thinking it is in inetd, because identd is run as
> 'nobody'). If anyone would like to check out inetd for any holes,
I'm surprised that it would be in inetd, since inetd doesn't do any
processing of the input before calling the program registered on that
port. It only serves to connect the socket to that program's stdin/stdout
and doesn't really pay any attention at all to what the data is. So it
would be hard to fool it.
My guess is that it's an ident problem or maybe some tcp-wrappers
weirdness, because (looking at inetd.conf) it wasn't using tcpd to call
ident. (dunno why). Anyone know what the deal is with this inetd? Is it
a real hole, or what?
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
